Researcher: Hardware “No-Execute” Zone Is No Big Security Deal - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

03:54 PM

Researcher: Hardware “No-Execute” Zone Is No Big Security Deal

Both Intel and AMD have touted the notion, which essentially means setting some areas of memory as off-bounds to prevent worms and other malicious code from inserting functions into memory and executing them. But one researcher says the scheme won’t stop all attacks.

The no-execute feature that's been folded in the newest processors to ward off malicious attacks isn't the panacea that many users think it is, a security researcher at the Black Hat conference claimed in his presentation Wednesday. Such perceptions aren't necessarily being stoked by the likes of chipmakers Intel and AMD, but users are picking them up anyway, often from media reports.

AMD calls the feature "Enhanced Virus Protection" (EVP) and Intel calls it eXecute Disable (or XD). More generically, it's known as NX, for No eXecute. Essentially, it's a way to specify protected portions of memory so that processor instructions can't execute there. The idea behind setting some areas of memory as off-bounds is to prevent worms and other malicious code from inserting functions into memory and executing them.

AMD has touted EVP within its 64-bit Athlon processors as a security technology that lets "you enjoy peace of mind." But chip vendors haven't portrayed NX as a panacea. AMD, for instance, calls EVP a "preventative measure" that won't prevent malicious code attacks, but will make them "localized, short-lived, and non-contagious."

Intel, meanwhile, takes a similar line, saying that the impact of future mass-mailed worms in the Slammer and MSBlast vein would be "substantially reduced" by XD.

The problem, said David Maynor, an engineer with Internet Security Systems' (ISS) X-Force research team, is that such caveats have been lost in the media reports about NX, which have over-simplified the technology's effectiveness. "Some claims of NX paint it as a silver bullet," said Maynor. "The hype is the NX stops all security exploits dead in their tracks, and that we don't have to worry about the next MSBlast."

That's simply untrue, said Maynor. NX won't stop all attacks that are aimed at creating a buffer overflow, the most commonly-used tactic today for compromising a system. "I can still execute code on an NX-enabled machine," said Maynor. "It just requires a slightly more tricky technique."

A "return-to-libc attack," for instance, in which the return address on the stack is replaced by the address of another function, could be the basis for assaults on a non-executable memory stack, Maynor explained.

Attackers could also create fake stack frames to bypass the memory protection that NX provides, said Maynor. Such techniques aren't new; they've been explored by those wanting to exploit other no-execute-protected processors and operating systems in the Unix world, such as Sun's SPARC and Solaris OS.

"NX isn't designed to stop anything," said Maynor. "It's not been able to mitigate against security threats in Unix" and it won't do that for desktop operating systems like Windows.

Microsoft calls NX by yet another name, Data Execution Prevention, or DEP, in Windows XP SP2 and Windows Server 2003 SP1. Microsoft said the feature will also be enabled by default on critical Windows services in Windows Vista, which just entered Beta 1 testing this week.

"One of our goals is that although NX's limitations are known in the security world, they're not in corporate America," explained Maynor when asked why he was broadcasting NX's deficiencies. "They think it's going to be a silver bullet. It's just dangerous to rely on a single point of technology."

"At best, NX is a speed bump for intruders, not a stop sign," Maynor added.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
How GIS Data Can Help Fix Vaccine Distribution
Jessica Davis, Senior Editor, Enterprise Apps,  2/17/2021
Graph-Based AI Enters the Enterprise Mainstream
James Kobielus, Tech Analyst, Consultant and Author,  2/16/2021
11 Ways DevOps Is Evolving
Lisa Morgan, Freelance Writer,  2/18/2021
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll